admin_user_global_sign_out works only once (#4717)

2021-12-27 23:18:02 +03:00 · 2021-12-27 23:18:02 +03:00 · 398c8af0b2
commit 398c8af0b2
parent c0aee36a7b
2 changed files with 29 additions and 0 deletions
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@ -1335,6 +1335,8 @@ class CognitoIdpBackend(BaseBackend):
        self.admin_get_user(user_pool_id, username)

        for token, token_tuple in list(user_pool.refresh_tokens.items()):
+            if token_tuple is None:
+                continue
            _, username = token_tuple
            if username == username:
                user_pool.refresh_tokens[token] = None
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
@ -2907,6 +2907,33 @@ def test_admin_user_global_sign_out():
    err["Message"].should.equal("Refresh Token has been revoked")


+@mock_cognitoidp
+def test_admin_user_global_sign_out_twice():
+    conn = boto3.client("cognito-idp", "us-west-2")
+    result = user_authentication_flow(conn)
+
+    conn.admin_user_global_sign_out(
+        UserPoolId=result["user_pool_id"], Username=result["username"],
+    )
+
+    conn.admin_user_global_sign_out(
+        UserPoolId=result["user_pool_id"], Username=result["username"],
+    )
+
+    with pytest.raises(ClientError) as ex:
+        conn.initiate_auth(
+            ClientId=result["client_id"],
+            AuthFlow="REFRESH_TOKEN",
+            AuthParameters={
+                "REFRESH_TOKEN": result["refresh_token"],
+                "SECRET_HASH": result["secret_hash"],
+            },
+        )
+    err = ex.value.response["Error"]
+    err["Code"].should.equal("NotAuthorizedException")
+    err["Message"].should.equal("Refresh Token has been revoked")
+
+
@mock_cognitoidp
 def test_admin_user_global_sign_out_unknown_userpool():
    conn = boto3.client("cognito-idp", "us-west-2")